Problem using views
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Sun Sep 22 23:44:00 UTC 2002
>
> Hi everyone -
>
> I am using bind 9.2.2rc1, configured with views.
>
> so there is (shortened):
>
> --%snip%--
> view internal {
> match-clients { local; };
> zone "domainA.tld" in { type master; file "internal/db.domainA.tld"; };
> zone "domainB.tld" in { type master; file "external/db.domainB.tld";
> allow-update { key mykey; }; };
> }
> view external {
> match-clients { any; };
> zone "domainA.tld" in { type master; file "external/db.domainA.tld"; };
> zone "domainB.tld" in { type master; file "external/db.domainB.tld";
> allow-update { key mykey; }; };
> }
> --%snap%--
This is a bad configuration. You can only share master files if
the files are read-only as far as named is concerned.
Mark
>
> Now, when updating some domainB.tld RR from an external client via nsupdate,
> everything seems working fine:
>
> > update.log: client 111.222.111.222#1065: updating zone 'domainB.tld/IN':
> adding an RR
> > bind.log: zone domainB.tld/IN: sending notifies (serial 2002092205)
> > xfer.log: client 112.221.112.221#57813: transfer of 'domainB.tld/IN': IXFR
> started
>
> But now when querying the nameserver using a local client, the SOA is still
> the former one (2002092204), the added RR is not available. Using a remote
> client (external view), the correct SOA is presented and a query returns
> the right value. Very strange: my slave nameserver (running bind 9.2.2rc1)
> started an IXFR (see above), but presents the incorrect SOA and RR, too,
> when querying from an internal view. Queries matching the external view are
> answered correctly.
>
> So I thought that removing the duplicate entries might be a solution
> (removing all external zones from the internal view), but that doesn't
> work. When doing that, everyone may query my nameserver but me (local).
>
> Removing the view concept itself is neither a solution, as I need an
> internal view of one of these zones and a "." type hint zone.
>
> Last but not least: I need to be able to update the zones from inside
> (internal) and outside (external) via nsupdate. That works for now by
> restarting the nameserver after changing a RR or something.
>
> Any suggestions?
>
> Sincerely,
> Marc
>
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list